  1. Feb 08, 2010
  2. Feb 06, 2010
  3. Feb 05, 2010
  4. Feb 04, 2010
  5. Feb 03, 2010
    • Fix regression in RegionStore due to recent changes in · d960564b
      Ted Kremenek authored
      RegionStoreManager::InvalidateRegions() by adjusting the worklist to
      iterate over BindingKeys instead of MemRegions.  We also only need to
      do the actual invalidation work on base regions, and for non-base
      regions just blow away their bindings.
      
      llvm-svn: 95200
      d960564b
    • Rework RegionStoreManager's implementation of InvalidateRegions() to · 64efd0d2
      Ted Kremenek authored
      not build a subregion map and instead do a single scan of the store.
      This is done by building "region clusters" that represent the
      collection of regions that have the same base region.  Invalidating
      any region in a cluster means that they all should get invalidated.
      
      This change brought out a point that Zhongxing mentioned to me
      offline: the flattened memory binding has issues distinguishing
      between direct and default bindings.  For example, setting the default
      value for an entire struct is the same as binding to the first
      element.  To address this problem, I moved the binding "tag" (Direct
      or Default) from BindingVal to BindingKey (and removed BindingVal
      entirely).  This requires us to do double lookups in some cases; and
      there is still much more cleanup that can be done.
      
      This change produced a noticeable speedup when analyzing sqlite3 (a
      reduction of 4% in running time).
      
      llvm-svn: 95193
      64efd0d2
  6. Feb 02, 2010
  7. Jan 27, 2010
  8. Jan 25, 2010
    • Split libAnalysis into two libraries: libAnalysis and libChecker. · d6b87086
      Ted Kremenek authored
      (1) libAnalysis is a generic analysis library that can be used by
          Sema.  It defines the CFG, basic dataflow analysis primitives, and
          inexpensive flow-sensitive analyses (e.g. LiveVariables).
      
      (2) libChecker contains the guts of the static analyzer, including the
          path-sensitive analysis engine and domain-specific checks.
      
      Now any clients that want to use the frontend to build their own tools
      don't need to link in the entire static analyzer.
      
      This change exposes various obvious cleanups that can be made to the
      layout of files and headers in libChecker.  More changes pending.  :)
      
      This change also exposed a layering violation between AnalysisContext
      and MemRegion.  BlockInvocationContext shouldn't explicitly know about
      BlockDataRegions.  For now I've removed the BlockDataRegion* from
      BlockInvocationContext (removing context-sensitivity; although this
      wasn't used yet).  We need to have a better way to extend
      BlockInvocationContext (and any LocationContext) to add
      context-sensitivity.
      
      llvm-svn: 94406
      d6b87086
  9. Jan 18, 2010
  10. Jan 11, 2010
    • Switch RegionStore over to using <BaseRegion+raw offset> to store · be909b5e
      Ted Kremenek authored
      value bindings.  Along with a small change to OSAtomicChecker, this
      resolves <rdar://problem/7527292> and resolves some long-standing
      issues with how values can be bound to the same physical address by
      but not have the same "key".  This change is only a beginning; logically
      RegionStore needs to better handle loads from addresses where the
      stored value is larger/smaller/different type than the loaded value.
      We handle these cases in an approximate fashion now (via
      CastRetrievedVal and help in SimpleSValuator), but it could be made
      much smarter.
      
      llvm-svn: 93137
      be909b5e
    • Preliminary reworking of value-binding logic in RegionStore: · 8e994a28
      Ted Kremenek authored
      (1) Introduce a new 'BindingKey' class to match 'BindingValue'.  This
      gives us the flexibility to change the current key value from 'const
      MemRegion*' to something more interesting.
      
      (2) Rework additions/removals/lookups from the store to use new
      'Remove', 'Add', 'Lookup' utility methods.
      
      No "real" functionality change; just prep work and abstraction.
      
      llvm-svn: 93136
      8e994a28
  11. Jan 05, 2010
  12. Dec 21, 2009
  13. Dec 17, 2009
  14. Dec 16, 2009
    • Add a new kind of region: CXXObjectRegion. Currently it has only one · 6df9f54d
      Zhongxing Xu authored
      attribute: the object type. 
      Add initial support for visiting CXXThisExpr.
      Fix a bunch of 80-col violations.
      
      llvm-svn: 91535
      6df9f54d
    • Add (initial?) static analyzer support for handling C++ references. · 4cad5fc0
      Ted Kremenek authored
      This change was a lot bigger than I originally anticipated; among
      other things it requires us storing more information in the CFG to
      record what block-level expressions need to be evaluated as lvalues.
      
      The big change is that CFGBlocks no longer contain Stmt*'s but
      CFGElements.  Currently CFGElements just wrap Stmt*, but they also
      store a bit indicating whether the block-level expression should be
      evaluated as an lvalue.  DeclStmts involving the initialization of a
      reference require us treating the initialization expression as an
      lvalue, even though that information isn't recorded in the AST.
      Conceptually this change isn't that complicated, but it required
      bubbling up the data through the CFGBuilder, to GRCoreEngine, and
      eventually to GRExprEngine.
      
      The addition of CFGElement is also useful for when we want to handle
      more control-flow constructs or other data we want to keep in the CFG
      that isn't represented well with just a block of statements.
      
      In GRExprEngine, this patch introduces logic for evaluating the
      lvalues of references, which currently retrieves the internal "pointer
      value" that the reference represents.  EvalLoad does a two stage load
      to catch null dereferences involving an invalid reference (although
      this could possibly be caught earlier during the initialization of a
      reference).
      
      Symbols are currently symbolicated using the reference type, instead
      of a pointer type, and special handling is required creating
      ElementRegions that layer on SymbolicRegions (see the changes to
      RegionStoreManager).
      
      Along the way, the DeadStoresChecker also silences warnings involving
      dead stores to references.  This was the original change I introduced
      (which I wrote test cases for) that I realized caused GRExprEngine to
      crash.
      
      llvm-svn: 91501
      4cad5fc0
    • Remove ValueManager::getRegionValueSymbolValOrUnknown(). It was just extra... · 9158fb74
      Ted Kremenek authored
      Remove ValueManager::getRegionValueSymbolValOrUnknown().  It was just extra veneer on top of getRegionValueSymbolVal().
      
      llvm-svn: 91471
      9158fb74
  15. Dec 11, 2009
  16. Dec 07, 2009
    • Add analysis support for blocks. This includes a few key changes: · 04af9f20
      Ted Kremenek authored
      - Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
      - VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
      - Add transfer function support to GRExprEngine for BlockDeclRefExprs.
      
      This change also supports analyzing blocks as an analysis entry point
      (top-of-the-stack), which required pushing more context-sensitivity
      around in the MemRegion hierarchy via the use of LocationContext
      objects.  Functionally almost everything is the same, except we track
      LocationContexts in a few more areas and StackSpaceRegions now refer
      to a StackFrameContext object.  In the future we will need to modify
      MemRegionManager to allow multiple StackSpaceRegions in flight at once
      (for the analysis of multiple stack frames).
      
      llvm-svn: 90809
      04af9f20
  17. Dec 04, 2009
  18. Dec 03, 2009
  19. Nov 28, 2009
  20. Nov 26, 2009
  21. Nov 25, 2009